#cve_2024_20720 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve_2024_20720, aggregated by home.social.
-
Why you should care about the exploitation of CVE-2024-20720:
A similar Adobe Commerce and Magento Open Source vulnerability CVE-2022-24086 (9.8 critical, disclosed 13 February 2024 by Adobe as a zero-day; improper input validation) was "exploited in the wild in very limited attacks targeting Adobe Commerce merchants." CVE-2022-24086 was added to CISA's KEV Catalog on 15 February 2024, so there is a strong possibility that they would consider CVE-2024-20720. 🔗 https://helpx.adobe.com/security/products/magento/apsb22-12.html#CVE_2024_20720
#Adobe #Commerce #Magento #eitw #activeexploitation #threatintel #IOC
-
Sansec reports active exploitation of CVE-2024-20720 (9.1 critical, disclosed 13 February 2024 by Adobe; Adobe Commerce/Magento Open Source OS command injection) to inject a fake Stripe payment skimmer, which would copy payment data to a compromised Magento store. IOC provided. 🔗 https://sansec.io/research/magento-xml-backdoor
#CVE_2024_20720 #Adobe #Commerce #Magento #eitw #threatintel #activeexploitation #IOC